bradley

bradley

Are there any generic KMS libraries out there?

I really like the adapter patterns that ecto, nebulex, waffle, etc. use and would love find something similar for a key management service but I’m not finding any. Ideally I’d be able to switch from say Google Cloud KMS to AWS KMS seamlessly with minimal configuration.

I’ve thought about open sourcing something that does this but I’m hesitant to create yet another project that may or may not be useful so I figure I’d check here first!

I already have a Google KMS adapter written using the elixir-google-api library and the following interface:

defmodule KMS do
  @type key_details :: KMS.KeyDetails.t()
  @type public_key :: JOSE.JWK.t()
  @type list_keys_response :: {:ok, [key_details]} | {:error, any}
  @type public_key_response :: {:ok, public_key} | {:error, any}
  @type sign_response :: {:ok, KMS.Signature.t()} | {:error, any}

  @client Application.compile_env!(:my_app, [__MODULE__, :client])

  @callback list_keys(opts :: keyword) :: list_keys_response
  @callback get_public_key(key_id :: String.t(), opts :: keyword) :: public_key_response
  @callback sign(String.t(), key_id :: String.t(), opts :: keyword) :: sign_response

  @spec list_keys(keyword) :: list_keys_response
  def list_keys(opts), do: @client.list_keys(opts)

  @spec list_keys!(keyword) :: [key_details]
  def list_keys!(opts) do
    case list_keys(opts) do
      {:ok, keys} -> keys
      {:error, error} -> raise KMS.NoKeyDetailsFoundError, message: "#{inspect(error)}"
    end
  end

  @spec get_public_key(String.t(), keyword) :: public_key_response
  def get_public_key(key_id, opts), do: @client.get_public_key(key_id, opts)

  @spec get_public_key!(String.t(), keyword) :: public_key
  def get_public_key!(key_id, opts) do
    case get_public_key(key_id, opts) do
      {:ok, public_key} -> public_key
      {:error, error} -> raise KMS.NoPublicKeyFoundError, message: "#{inspect(error)}"
    end
  end

  @spec sign(String.t(), String.t(), keyword) :: sign_response
  def sign(message, key_id, opts), do: @client.sign(message, key_id, opts)
end

First Post!

chulkilee

chulkilee

I don’t know if there is one for KMS - but you may use adapter pattern (like Tesla for HTTP client) to have general interface and specific implementation modules.

However I’m not sure we can have a good abstraction of KMS; I’ve used three KMS but they are slightly different - especially auth and details on options. I’ve built own domain/context module for my abstraction/policy etc. wrapping existing library instead of making generic wrapper for all KMS provider for that reason.

Do you have any similar libraries for KMS in other languages?

Where Next?

Popular in Questions Top

New
Harrisonl
We have an ECS cluster with 4 services, where each task joins a single cluster, via discovery ECS discovery service. Currently when I de...
New
mgjohns61585
Could someone help me? I’m making my first elixir program, number guessing game. I can’t figure out how to convert the user’s guess from ...
New
vac
Hi, I’m quite new in Elixir and I’m trying to format a string to a PEM format. I have the certificate value like MIIDBTCCAe2...... and I...
New
Lily
In templates/appointment/index.html.eex: <%= for appointment <- @appointments do %> <tr> <td><%= appoi...
New
vegabook
I’m brand new to Phoenix and I have stripped one of the demo applications to the bone. I just want to get an svg up on the screen. Here i...
New
vrod
I am using the Starship cross-shell prompt – it seems pretty nice, but I get some errors: [WARN] - (starship::utils): Executing command ...
New
rms.mrcs
Hi, I need to transform a list of numbers into a map where the keys are the indexes and the values are the original values of the list. ...
New
openscript
Hello! Sorry for this astonishing simple question, but I’m really stuck. I try to set up the intellij-elixir plugin, but I don’t know ho...
New
jononomo
For some reason my phoenix channels are working for me in my local dev environment, but as soon as I deploy via Docker, I get a 403 error...
New

Other popular topics Top

marius95
Hello everyone, I try to use an Javascript Event Handler in my root.html.leex file. Therefore I created a function in the app.js file: ...
New
JakeBecker
TL;DR: I’ve just released an implementation of Microsoft’s IDE-independent Language Server Protocol for Elixir. It adds language support ...
1144 53690 245
New
chrismccord
This release brings a number of exciting features, including integration with the new Phoenix LiveDashboard and Phoenix LiveView. There h...
New
stefanchrobot
What’s the safe way to decode a JSON string into a struct? I want to avoid calling String.to_atom. Jason.decode can give me a map with st...
New
alice
Hey, Just curious what are the main benefits of Elixir compared to Clojure? When is Elixir more useful than Clojure and vice versa? Th...
New
boundedvariable
I am going through the kafka architecture. All the features what the kafka is providing are already in Erlang. I would like hear your opi...
New
nsuchy
Hi. I’ve noticed that Windows Powershell has it’s own IEX command and you cannot access Elixir’s IEX due to the conflict. This isn’t a cr...
New
axelson
This post is a wiki (feel free to hit the edit button near the bottom right of this post to add your own changes!) This post collects co...
239 47930 226
New
joaquinalcerro
Hi there, I am working with Ecto-Postgresql and I need to call all of the records from a specific table but the table has 40,000 records...
New
hariharasudhan94
Lets say I have map like this fetching from my database %{"_id" => #BSON.ObjectId<58eb1a7a9ad169198c3dXXXX>, "email" => ...
New

We're in Beta

About us Mission Statement